Information Protection and Security

 Here's a great new video from the NCSA geared to 17-25 year olds.  It's fast moving, entertaining, and quick education for our students and anyone else interested.  The second video has been around for a while, and still good! 

National Cyber Security Awareness Month is over but our responsibility remains.  Technology can’t do everything.  All it takes is a visit to a hacked website, email click, or phishing exploit to pick-up malware.  Identity theft is just around the corner, but there are even bigger risks. Botnets have become a significant part of the Internet.  These groups consisting sometimes of millions of computers, remotely control their victims machines through malware for various purposes, including denial of service attacks, spam fraud, theft of application serial numbers, login IDs, and financial information such as credit card numbers. Can we handle it? Of course we can and awareness is a big part of it. Become aware of your surroundings, be careful on the Internet…don’t click that link in email, or provide your personal information unsecured; and if it looks "too good to be true”,  it probably is.  Security is our shared responsibility, so if you’re using a computer or any other mobile electronic device, Stop. Think. Secure IT!  

Many times attackers use social engineering tactics to trick victims into installing malware.  Malware is short for malicious software and includes Trojans, worms, viruses, etc. It can do any number of things to disable your computer and make life and computing frustrating.  To begin with, don’t be fooled by fake antivirus tools in pop-up windows, emails with embedded links and/or rusecuretelling you to provide confidential information (passwords, bank account numbers, etc) .  Stay away from links on social networking sites.  They’re a hotbed for the distribution of malware, often by sharing links by way of compromised accounts.  Spammers also send email looking like software upgrade advisories to trick you into installing malicious programs.  Stop. Think. Secure IT!

It’s the NPPI we have to worry about. 

 It's the end of the day and I feel that this is important enough to pass it on as a second blog.  The FDIC just released a special alert about emails appearing to be from them  and asking that you download and open a file.  The subject line reads, "personal FDIC insurance file". Delete the email, do not click on the link provided. It is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. For further information please read the alert: https://rusecure/content/special-alert-fdic-federal-deposit-insurance-corp   

 Yesterday I received a "hot tip" from a friend in the form of an email offering a free laptop from Sony-Ericsson if I forwarded the offer to 8 people on my address list.  I'd get even a better laptop if I sent it to 20.  Too good to be true, right?  Right!  A quick visit to snopes.com answered my question and straightened out my friend.  Not only was there no laptop, but the person's name on the offer never existed.  It was a pretty picture of a nice laptop!  Urban legends, they're also in email.  Check before you send, or you might be sorry!  Stop. Think. Secure IT!

Sounds easy, but for security reasons, there’s a little more to it than just plugging the computer into the wall, or opening up your laptop.  If you’re working with wireless make sure you’re working on a secure network. Though wireless is easy and accessible, most wireless is not secure.  An insecure network can allow people in your area to use your Internet connection, access your computer, and steal information sent over the connection. Internet cafes and other wireless access points are insecure. Most wireless accommodations are open and available for anyone to drop into. Use wireless for public information transmissions only; do not maintain or store sensitive or confidential information on mobile equipment; do not use wireless to transmit confidential information (bank account numbers, passwords, personal information, [NPPI], etc.); make sure the firewall on your computer is enabled and you're using a complex password.  Stop. Think. Secure IT!

Confidential information (NPPI) should never be stored on mobile equipment.  This includes credit card numbers, passwords, bank numbers (etc.), and the personal information of other people. The information, itself, is usually more valuable than the equipment it’s stored on. Loss, theft, or negligence in the care of private information could lead to legal problems if the information is breached or compromised, especially if you’re handling the information for the university or a corporate entity.  If it’s necessary to transport NPPI on portable equipment, make sure it’s encrypted, and protect it like your wallet.  Stop. Think. Secure IT!

Because they're mobile, they're easy to lose or have stolen.  It may be that your information on the equipment is even more valuable than the equipment itself (not a smart idea on mobile equipment).  Lock mobile equipment with complex passwords and encryption if possible.  Smart phones, and netbooks need maintenance and security, just as your laptop and desktop computers.  Though they have less powerful processors they are still vulnerable to viruses and worms from visiting websites infected with malware, downloading infected applications, and insecure wireless networks.  Thumb drives are a problem because they’re easier to lose, or have stolen. When you copy infected information into the drive it's easily spread to other machines. Protect your mobile information with encryption, and complex passwords, work on a secure network, and beware of  cyber cafes. Stop. Think. Secure IT!
 

Remember the Conficker worm? It uses flaws (yes, it's still around) in Windows software to remotely take over computers and link them into a virtual computer that can be commanded remotely by its authors. In August, 2009, Conficker had more than five million computers under its control — government, business and home computers in more than 200 countries.  Compromises like this can be avoided by regular patching (updating software). You can protect yourself from malware like conficker which can ultimately lead to identity theft, financial loss, and/or cyber crime.  Make sure your machine is patched up to date.  It’s easy and takes no time if you do it automatically.  The same with Rutgers Antivirus Delivery Service…it’s free (for Rutgers faculty, staff and students), automatic and covers spyware, too. Do yourself a favor and consider maintenance a priority.  Stop. Think. Secure IT!